Central banks keep ISO 31000 and COSO-ERM as main approaches
Principles tend to vary slightly by central banks’ risk management philosophies
Most central banks continue to use two main frameworks for mitigating potential losses associated with identified risks, data from the Risk Management Benchmarks 2025 shows.
The top two approaches are the International Organization for Standardization’s ISO 31000 and Committee of Sponsoring Organizations of the Treadway Commission (COSO) enterprise risk management (ERM).
Over four-fifths (85.7%) of 42 respondents say they use ISO 31000 as a guide. COSO-ERM is active at nearly two-thirds (64.3%)
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@centralbanking.com or view our subscription options here: http://subscriptions.centralbanking.com/subscribe
You are currently unable to print this content. Please contact info@centralbanking.com to find out more.
You are currently unable to copy this content. Please contact info@centralbanking.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@centralbanking.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@centralbanking.com
More on Risk Management
Central banks typically employ detailed business continuity plans
But institutional risk appetite is less commonly included, especially in Europe
A third of central banks lack key risk indicators
Most of those with KRIs conduct monitoring and employ feedback loops
Direct system breaches are top cyber risk
Main threats vary by cyber security staffing and economic groupings
Over 60% of risk departments face staff and resource shortages
Teams that face hiring challenges generally have to make do with smaller risk departments
One-fifth of central banks lack defined risk tolerance and strategy
But majority of respondents apply risk management principles to policies and processes
Adoption of governance, risk and compliance systems still partial
Respondents mention main service providers and plans to upgrade
Decentralised risk teams less likely to have chief risk officers
CROs are also less common at Asia-Pacific and European central banks
Credit and counterparty risk gains relevance as most covered risk
But central banks’ top risks vary by geographical regions